[Freeipa-devel] [PATCH] 0002 Added support for authentication with user certificate
Alexander Bokovoy
abokovoy at redhat.com
Mon Aug 8 11:13:21 UTC 2016
On Mon, 08 Aug 2016, Martin Kosek wrote:
>On 08/05/2016 02:57 PM, Tibor Dudlak wrote:
>> Hi,
>>
>> I have extended my previous patch for authentication with user
>> certificate/smartcard. This patch includes patches and plugin described here:
>> http://www.freeipa.org/page/V4/External_Authentication/Setup
>> Page also contains steps to configure and test this feature. Once this patch is
>> merged and released we will simplify this page to not confuse customers.
>> Addressing ticket: https://fedorahosted.org/freeipa/ticket/5764
>>
>> Thanks.
>
>I discussed this with Jan Pazdziora on IRC, outside of this mail thread, so let
>me repeat my suggestion here. I still think it is premature to add plugins like
>that to FreeIPA core git. We are not agreed yet how we will distribute FreeIPA
>plugins, so I would not rush adding this plugin to FreeIPA core, especially
>since it is very experimental and not even secure yet. FreeIPA plugin
>distribution should be more thought through and discussed.
>
>As I proposed, this plugin can now live outside of FreeIPA core git, in it's
>own life cycle (maybe in freeipa-plugins github git repo we create?) so that it
>can be updated without updating whole FreeIPA core. In this effort, I would
>suggest to only consider updates of
>
>* ipaserver/plugins/xmlserver.py
>* ipaserver/rpcserver.py
>
>as these would have to patched by admin deploying this feature and would be
>overwritten by RPM updates. The plugin itself or server.conf can be deployed
>and installed separatenly, even via other RPM.
Right. This was my thinking too when I saw the patches.
--
/ Alexander Bokovoy
More information about the Freeipa-devel
mailing list